Page 152 - Cyber Defense eMagazine January 2023

Establish ways and means to detect and respond to incidents, and develop sound business continuity and disaster recovery plans. Make certain third-party providers are also secure by conducting an audit of their security measures or by building security standards into their contracts with you.



Q #5: Did we conduct a penetration test against our application?

Most security vulnerabilities are not identified until an external party conducts a penetration test. A penetration test is one of the best ways to identify any significant security issues with an application. Penetration tests go a step further than a risk assessment by attempting to exploit the weaknesses identified.

For example, a vulnerability assessment might discover that patches are not being applied regularly, leaving a company vulnerable to attacks. A penetration test would attempt to access the company's systems through those unpatched vulnerabilities, enabling the cybersecurity team to shore up any potential risk areas in advance.



Being Prepared

Any company building a cloud security strategy must comply with the requirements of its industry, but it is just as important to go beyond required compliance by being prepared ahead of time for any possible cybersecurity incidents. Put processes in place to detect anomalies and attempted breaches. Exercise reasonable security measures to anticipate problems. Make sure you have adequate backup and restoration procedures. If you are unsure about moving forward, get expert help to secure your systems and protect your customers and staff.



About the Author

Metin Kortak is the Chief Information Security Officer at Rhymetec. Metin Kortak has been working as the Chief Information Security Officer at Rhymetec since 2017. He started out his career working in IT Security and gained extensive knowledge of compliance and data privacy frameworks such as SOC, ISO 27001, PCI, FedRAMP, NIST 800-53, GDPR, CCPA, HITRUST and HIPAA.


Metin joined Rhymetec to build the Data Privacy and Compliance as a Service offering; under his leadership, the service offerings have grown to more than 200 customers, and Rhymetec is now a leading SaaS security service provider in the industry. Metin splits his time between his homes in California and New York City, and in his free time he enjoys traveling, exercising, and spending quality time with his friends.

Metin can be reached online at https://www.linkedin.com/in/mkortak/ and at his company website https://rhymetec.com/




Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.